The second beta of the m0n0wall firewall, version 1.3, is available for download and testing. Changes since beta 1: "enabled NAT-T support for IPsec VPN (enable via webGUI); compiled SNMP agent with support for memory usage information MIB; back-ported MSS clamping fix from MPD 4.0b5 to MPD 3.18 (fixes MTU problems with PPPoE client); enabled hostap for wireless cards supported by the ral(4) driver; forced PIO mode for ATA driver to work around problems with quirky hardware (IDE controllers, CF cards); automatic keyboard detection for generic-pc(-cdrom); fallback to serial console if no keyboard found; enabled AES for IPsec phase 1; Captive portal fix (jdegraeve): now always sends the session time in RADIUS accounting messages instead of only sending it within an Accounting-Stop." Please visit the project's development pages to find out more. Download: cdrom-1.3b2.iso (8.09MB, MD5).

m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software). m0n0wall is based on a bare-bones version of FreeBSD, along with a web server (thttpd), PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent. m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.

Manuel Kasper has announced the release of m0n0wall 1.8.1, a small FreeBSD-based operating system designed specifically for firewalls: "m0n0wall 1.8.1 released. In m0n0wall 1.8.1, the base system has been switched to FreeBSD 8.4 for better support of recent hardware, and there have been significant improvements, new features and bug fixes in many areas. Change log highlights: add scheduler (Croen) service with many different job types (enable and disable interface or shaper rule, Wake on LAN, reboot, reconnect WAN, execute command); improved IPv6 support, including IPsec, DHCPv6-PD, RDNSS and DNSSL and NDP info on the ARP diagnostic page; major overhaul of wireless LAN support, with some cards, it is now also possible to create multiple APs at the same time; DNS forwarder: add option to log DNS queries, add aliases (CNAMEs) and MXs; make rule moving and deletion on shaper rules page work like for firewall rules; initial support for USB modems...." Continue to the project's download page to read the full list of new features. Download: generic-pc-1.8.1.iso (23.4MB, SHA256).

Manuel Kasper has announced the release of m0n0wall 1.34, a tiny FreeBSD-based operating system for firewalls: "m0n0wall 1.34 released. m0n0wall 1.34 is a maintenance release with low-priority security fixes for CSRF/XSS issues in the webGUI. Changes in this release: eliminate modifying GETs from webGUI pages; make rule moving and deletion on shaper rules page work like for firewall rules; add csrf-magic for CSRF protection in webGUI; fix potential XSS in diag_ping.php and diag_traceroute.php; increase key size of auto-generated webGUI certificates to 2,048 bits; update default webGUI certificate/key; remove domain name handling from dhclient-script and change ARP command not to use sed (not used/available in m0n0wall); change virtualHW version to 7 for VMWare image to avoid errors in ESX 4." Visit the project's download page to read the full changelog. Download from here: cdrom-1.34.iso (17.8MB, SHA256).

Manuel Kasper has announced the release of m0n0wall 1.33, a tiny FreeBSD-based operating system for firewalls: "m0n0wall 1.33 released. m0n0wall 1.33 adds a new image type for generic PCs with a serial console, further improves IPv6 support, includes a driver for newer Realtek network chipsets and contains various small changes and bug fixes. Changelog: updated ipfilter to 4.1.33; inbound NAT rules can now be added on the LAN interface with the WAN address as a target, this helps with accessing servers on an optional interface from the LAN interface by using m0n0wall's WAN IP address; IPv6 improvements; modified 'disable port mapping' option so that it will actually avoid port mapping whenever possible, but fall back to port mapping if another mapping for the same port already exists; added support for user-customizable captive portal logout and status page...." Visit the project's download page to read the full changelog. Download: cdrom-1.33.iso (17.8MB, SHA256).

Manuel Kasper has released a second beta build of m0n0wall 1.33, a tiny FreeBSD-based operating system for firewalls: "m0n0wall 1.33b2 released. This beta version introduces a new image type for generic PCs with a forced serial console, corrects driver issues with some Realtek network cards and fixes two small bugs in DHCP 6 handling and the captive portal. Changelog: a new image type 'generic-pc-serial' has been added, the only difference to generic-pc is that it always uses the serial console; reintroduced original FreeBSD if_re driver (to fix missing support for 8139C+) and added Realtek patched driver under a new name (if_rg) with lower priority to ensure that the Realtek patched driver is only used if the stock FreeBSD if_re/if_rl can't handle the device; disallow webGUI passwords with colons (:) as mini_httpd has trouble handling them; fix broken captive portal sessions...." Here is the complete changelog. Download: cdrom-1.33b2.iso (17.5MB, SHA256).

Manuel Kasper has announced the availability of the first beta release of m0n0wall 1.33, a tiny FreeBSD-based operating system for firewalls: "m0n0wall 1.33b1 released. This beta version further improves IPv6 support (DHCP-PD, AICCU), adds user-customizable captive portal logout/status pages, fixes many small bugs and XSS vulnerabilities and contains updates for ipfilter and the Realtek driver as well as other small improvements. Changelog: updated ipfilter to 4.1.33; inbound NAT rules can now be added on the LAN interface with the WAN address as a target; replaced if_re driver by Realtek customized version to support RTL8111C (among others); IPv6 improvements; added support for user-customizable captive portal logout and status page, as well as a password change option for local CP users; added 'Bind to LAN' option for syslog, so you can syslog over a VPN tunnel...." See the project's beta versions page for the rest of the changelog. Download: cdrom-1.33b1.iso (17.7MB, SHA256).

Manuel Kasper has announced the release of m0n0wall 1.3, a minimalist firewall distribution based on FreeBSD: "After almost three years in beta, I have decided that m0n0wall 1.3 is now good enough for production. It's basically a re-release of 1.3b18, with two fixes thrown in. No major bugs have been reported any more, but as always, upgrade on your own risk. Major changes in this release (since 1.23): switched base operating system to FreeBSD 6.4; consolidated net45xx, net48xx and wrap images into a single 'embedded' image; switched bridge implementation to if_bridge - bridge member interfaces will now always be filtered; IPv6 support (enable on advanced setup page); firewall support for IPsec traffic; IPsec NAT-T, DPD and dynamic tunnels; countless bug fixes and other improvements." Read the release announcement and changelog for additional details. Download (MD5): cdrom-1.3.iso (17.5MB).

Manuel Kasper has released the seventeenth beta build of m0n0wall 1.3, a complete software firewall based on FreeBSD: "m0n0wall 1.3 beta is based on FreeBSD 6.x and has better hardware support than the FreeBSD 4.x based versions (up to version 1.23x), as well as a few new features. Changes: converted from BRIDGE to if_bridge, removed multi-interface bridge check and checkbox under Advanced for filtering bridge since member interfaces will now always be filtered; fixed a problem with ipnat refusing to create new RDR translation entries in the NAT table if a MAP entry exists for the same port; fixed problems when using advanced outbound NAT rules with destination matching; fixed DHCP lease page to only show the last lease for a given IP address; fixed for IPv6 pages in user/group manager...." Read the rest of the release notes for a full list of fixes and improvements. Download (MD5): cdrom-1.3b17.iso (17.4MB).

Manuel Kasper has released a new public beta build of m0n0wall 1.3, a FreeBSD-based firewall. What's new? "Opened firewall rules for link-local IPv6 addresses on optional and LAN interfaces; initial basic support for secondary IP addresses; added DHCPv6 support; added additional RA options for LAN and optional interfaces, required for DHCPv6; added all-servers option to dnsmasq and removed overlap check as having multiple nameservers per domain is a valid configuration; changed interface status page to list all IP addresses on an interface; allow RA support on WAN interface, and add feature to automatically suggest an IPv6 address for the LAN interface; added IPv6 support to mini_httpd (for the webGUI); allow IPv6 addresses for DNS servers on system: general setup page, and for hosts on the DNS forwarder setup page...." Visit the project's development page to read the complete changelog. Download (MD5): cdrom-1.3b16.iso (17.2MB).